Creates VPEs as needed for Disconnected install

Signed-off-by: Hiro Miyamoto <[email protected]>
openshift · Nov 5, 2024 · 0d16d14 · 0d16d14
1 parent 08792a0
commit 0d16d14
Show file tree

Hide file tree

Showing 3 changed files with 116 additions and 0 deletions.
diff --git a/pkg/asset/installconfig/powervs/client.go b/pkg/asset/installconfig/powervs/client.go
@@ -85,6 +85,9 @@ type API interface {
 
 	// Load Balancer
 	AddIPToLoadBalancerPool(ctx context.Context, lbID string, poolName string, port int64, ip string) error
+
+	// Virtual Private Endpoint Gateway
+	CreateVirtualPrivateEndpointGateway(ctx context.Context, name string, vpcID string, subnetID string, rgID string, targetCRN string) (*vpcv1.EndpointGateway, error)
 }
 
 // Client makes calls to the PowerVS API.
@@ -1459,3 +1462,73 @@ func (c *Client) AddIPToLoadBalancerPool(ctx context.Context, lbID string, poolN
 			return true, nil
 		})
 }
+
+// CreateVirtualPrivateEndpointGateway creates a VPE gateway with given target resource type and CRN.
+func (c *Client) CreateVirtualPrivateEndpointGateway(ctx context.Context, name string, vpcID string, subnetID string, rgID string, targetCRN string) (*vpcv1.EndpointGateway, error) {
+	var (
+		resp   *core.DetailedResponse
+		err    error
+		ok     bool
+		egs    *vpcv1.EndpointGatewayCollection
+		egRef  *vpcv1.EndpointGatewayTarget
+		idIntf *vpcv1.VPCIdentityByID
+		target *vpcv1.EndpointGatewayTargetPrototypeEndpointGatewayTargetResourceTypeProviderCloudServicePrototype
+		rgIntf *vpcv1.ResourceGroupIdentityByID
+		ipIntf *vpcv1.EndpointGatewayReservedIPReservedIPIdentityByID
+	)
+
+	listOpts := c.vpcAPI.NewListEndpointGatewaysOptions()
+	listOpts.SetVPCID(vpcID)
+	egs, _, err = c.vpcAPI.ListEndpointGateways(listOpts)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, eg := range egs.EndpointGateways {
+		egRef, ok = eg.Target.(*vpcv1.EndpointGatewayTarget)
+		if !ok {
+			return nil, fmt.Errorf("Target inside returned EndpointGateway was invalid: %v", eg.Target)
+		}
+		if *egRef.CRN == targetCRN {
+			return &eg, nil
+		}
+	}
+
+	target, err = c.vpcAPI.NewEndpointGatewayTargetPrototypeEndpointGatewayTargetResourceTypeProviderCloudServicePrototype("provider_cloud_service", targetCRN)
+	if err != nil {
+		return nil, err
+	}
+	idIntf, err = c.vpcAPI.NewVPCIdentityByID(vpcID)
+	if err != nil {
+		return nil, err
+	}
+	createOpts := c.vpcAPI.NewCreateEndpointGatewayOptions(target, idIntf)
+	createOpts.SetName(name)
+	createOpts.SetAllowDnsResolutionBinding(true)
+	rgIntf, err = c.vpcAPI.NewResourceGroupIdentityByID(rgID)
+	if err != nil {
+		return nil, err
+	}
+	createOpts.SetResourceGroup(rgIntf)
+	ipName := fmt.Sprintf("%s-ip", name)
+	createIPOpts := c.vpcAPI.NewCreateSubnetReservedIPOptions(subnetID)
+	createIPOpts.SetName(ipName)
+	createIPOpts.SetSubnetID(subnetID)
+	reservedIP, _, err := c.vpcAPI.CreateSubnetReservedIPWithContext(ctx, createIPOpts)
+	if err != nil {
+		return nil, err
+	}
+	ipIntf, err = c.vpcAPI.NewEndpointGatewayReservedIPReservedIPIdentityByID(*reservedIP.ID)
+	if err != nil {
+		return nil, err
+	}
+	ips := []vpcv1.EndpointGatewayReservedIPIntf{ipIntf}
+	createOpts.SetIps(ips)
+
+	eg, resp, err := c.vpcAPI.CreateEndpointGatewayWithContext(ctx, createOpts)
+	if err != nil {
+		logrus.Debugf("CreateEndpointGatewayWithContext returned %v", resp)
+		return nil, err
+	}
+	return eg, nil
+}
diff --git a/pkg/asset/installconfig/powervs/mock/powervsclient_generated.go b/pkg/asset/installconfig/powervs/mock/powervsclient_generated.go
diff --git a/pkg/infrastructure/powervs/clusterapi/powervs.go b/pkg/infrastructure/powervs/clusterapi/powervs.go
@@ -163,6 +163,34 @@ func (p Provider) InfraReady(ctx context.Context, in clusterapi.InfraReadyInput)
 	if err != nil {
 		return fmt.Errorf("failed to add ping security group rule: %w", err)
 	}
+
+	if in.InstallConfig.Config.Publish == types.InternalPublishingStrategy &&
+		(len(in.InstallConfig.Config.ImageDigestSources) > 0 || len(in.InstallConfig.Config.DeprecatedImageContentSources) > 0) {
+		var client *powervsconfig.Client
+		client, err = powervsconfig.NewClient()
+		if err != nil {
+			return fmt.Errorf("failed to obtain PowerVS client: %w", err)
+		}
+
+		name := fmt.Sprintf("%s-vpe-iam", in.InfraID)
+		vpcID := *powerVSCluster.Status.VPC.ID
+		logrus.Debugf("InfraReady: Ensuring VPE gateway for IAM in VPC %v", vpcID)
+		rgID := *powerVSCluster.Status.ResourceGroup.ID
+		subnetID := *powerVSCluster.Status.VPCSubnet[*powerVSCluster.Spec.VPCSubnets[1].Name].ID
+		_, err = client.CreateVirtualPrivateEndpointGateway(ctx, name, vpcID, subnetID, rgID, "crn:v1:bluemix:public:iam-svcs:global:::endpoint:private.iam.cloud.ibm.com")
+		if err != nil {
+			return fmt.Errorf("failed to create VPE: %w", err)
+		}
+
+		name = fmt.Sprintf("%s-vpe-cos", in.InfraID)
+		s3Crn := fmt.Sprintf("crn:v1:bluemix:public:cloud-object-storage:global:::endpoint:s3.direct.%s.cloud-object-storage.appdomain.cloud", vpcRegion)
+		logrus.Debugf("InfraReady: Ensuring VPE gateway for COS %v", s3Crn)
+		_, err = client.CreateVirtualPrivateEndpointGateway(ctx, name, vpcID, subnetID, rgID, s3Crn)
+		if err != nil {
+			return fmt.Errorf("failed to create VPE: %w", err)
+		}
+	}
+
 	return nil
 }